SCS-C03
Data Protection
medium
Question 1 of 36

A security architect wants full control over KMS key lifecycle and usage permissions for an encryption key used by applications and AWS services. Which KMS key type is the best fit?

AAWS owned key
BAWS managed key
CCustomer managed key
DAny key type, because all KMS key types are equally controllable

More Data Protection Questions

36 questions

Full AWS Certified Security - Specialty Practice Test

All topics covered

All AWS Certified Security - Specialty Questions

Browse by topic

Related Questions

A team stores database credentials in AWS Secrets Manager and wants to avoid extra KMS key charges u...

easy

A company wants write-once-read-many protection for objects in Amazon S3 so the objects cannot be de...

easy

A compliance officer needs a retention mode in S3 Object Lock that prevents any user, including the ...

medium

A company needs to encrypt data in one AWS Region and decrypt it in another Region without re-encryp...

hard

A company needs single-tenant hardware security modules with full control over algorithms and keys, ...

medium
View all Data Protection questions

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy

Discussion

Be the first to share your understanding of this concept

⚠️ Discussion is for concept clarification only. Do not share or request actual exam questions or answers.

Sign in to join the discussion

Sign InCreate free account